exploitDog

CVE-2025-13316

Опубликовано: 19 нояб. 2025

Источник: nvd

CVSS3: 8.1

EPSS Средний

Описание

Twonky Server 8.5.2 on Linux and Windows is vulnerable to a cryptographic flaw, use of hard-coded cryptographic keys. An attacker with knowledge of the encrypted administrator password can decrypt the value with static keys to view the plain text password and gain administrator-level access to Twonky Server.

Ссылки

https://www.rapid7.com/blog/post/cve-2025-13315-cve-2025-13316-critical-twonky-server-authentication-bypass-not-fixed/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:lynxtechnology:twonky_server:8.5.2:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.46062

Средний

8.1 High

CVSS3

Дефекты

CWE-321

Связанные уязвимости

GHSA-6wjv-8p85-pcxm

CVSS3: 8.1

github

30 дней назад

Twonky Server 8.5.2 on Linux and Windows is vulnerable to a cryptographic flaw, use of hard-coded cryptographic keys. An attacker with knowledge of the encrypted administrator password can decrypt the value with static keys to view the plain text password and gain administrator-level access to Twonky Server.

EPSS

Процентиль: 98%

0.46062

Средний

8.1 High

CVSS3

Дефекты

CWE-321